The most complex cybercrime investigation ever undertaken by UK police has resulted in another member of a gang that used the Zeus Trojan to raid online bank accounts being sentenced to two years behind bars.

Latvian Karina Kostromina was originally arrested as part of Operation Lath in September 2010 along with 19 other mostly Ukrainian and Belarussians nationals, 13 of whom were eventually charged with offences.

Found guilty of money laundering for the gang, Kostromina was also married to alleged gang ringleader, Yevhen Kulibaba, who has still to be sentenced.

Exactly how much money the gang managed to steal using the keylogged bank logins of UK and US targets remains unclear but could run into tens of millions. What is clear is the staggering ease with which the gang looted money remotely. Between September 2009 and March 2010 the gang are known to have taken at almost £2.9 million, with the attempted theft of £4.3 million in total.

However, police have suggested that the true sum could be over £20 million or perhaps even higher still.

“These defendants were part of an organised network of computer criminals operating a state-of-the art international online banking fraud, through which they stole many millions of pounds from individuals and businesses in the UK and United States,” said detective inspector Colin Wetherill of the Metropolitan Police Central eCrime Unit (PCeU).

Despite the seriousness of the offences, the sentences dished out to defendants so far have hardly been swingeing, ranging from a few months to just over three years.  

Earlier this week, the PCeU estimated that it had prevented £140 million of cybercrime in the last six months alone. Part of the unit’s secret could be its strong links to police forces in other countries that take cybercrime in deadly earnest, such as the FBI.